[CLOSE] OSVDB ID : 47545 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.

[CLOSE] OSVDB ID : 47542 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 55637 - Disclosed: 2008-07-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 47543 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

[CLOSE] OSVDB ID : 47278 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.

[CLOSE] OSVDB ID : 47544 - Disclosed: 2008-07-31

Description:

Libxslt contains overflow conditions in the 'exsltCryptoRc4EncryptFunction' and 'exsltCryptoCryptoApiRc4Decrypt' functions [crypto.c] that are triggered as user-supplied input is not properly validated. With a specially crafted XSL stylesheet, an attacker can cause heap-based buffer overflows, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 47219 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."

[CLOSE] OSVDB ID : 47224 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

[CLOSE] OSVDB ID : 47250 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.

[CLOSE] OSVDB ID : 47252 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets.

[CLOSE] OSVDB ID : 47249 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

[CLOSE] OSVDB ID : 47323 - Disclosed: 2008-07-31

Description:

Symphony contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'sym_auth' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 47324 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.

[CLOSE] OSVDB ID : 47345 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

[CLOSE] OSVDB ID : 47353 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

[CLOSE] OSVDB ID : 47378 - Disclosed: 2008-07-31

Description:

PHPX contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the includes/functions.inc.php script not properly sanitizing user-supplied input to the 'PXL' cookie. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 47503 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.

[CLOSE] OSVDB ID : 48481 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.

[CLOSE] OSVDB ID : 50092 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."

[CLOSE] OSVDB ID : 48564 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."

[CLOSE] OSVDB ID : 48565 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.

[CLOSE] OSVDB ID : 48566 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.

[CLOSE] OSVDB ID : 48567 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.

[CLOSE] OSVDB ID : 48568 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."

[CLOSE] OSVDB ID : 48569 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.

[CLOSE] OSVDB ID : 50093 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."

[CLOSE] OSVDB ID : 50094 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."

[CLOSE] OSVDB ID : 50095 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."

[CLOSE] OSVDB ID : 50096 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."

[CLOSE] OSVDB ID : 50186 - Disclosed: 2008-07-30

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.

[CLOSE] OSVDB ID : 50187 - Disclosed: 2008-07-30

Description:

(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.

[CLOSE] OSVDB ID : 50188 - Disclosed: 2008-07-30

Description:

(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.

[CLOSE] OSVDB ID : 50189 - Disclosed: 2008-07-30

Description:

Pligg contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'vote.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 50190 - Disclosed: 2008-07-30

Description:

Pligg contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'trackback.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 50191 - Disclosed: 2008-07-30

Description:

Pligg contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'submit.php' script not properly sanitizing user-supplied input to the unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 50192 - Disclosed: 2008-07-30

Description:

Pligg contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'story.php' script not properly sanitizing user-supplied input to the 'requestTitle' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 50193 - Disclosed: 2008-07-30

Description:

Pligg contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'recommend.php' script not properly sanitizing user-supplied input to the 'requestID' and 'requestTitle' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 50194 - Disclosed: 2008-07-30

Description:

Pligg contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'cloud.php' script not properly sanitizing user-supplied input to the 'categoryID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 50195 - Disclosed: 2008-07-30

Description:

Pligg contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'out.php' script not properly sanitizing user-supplied input to the 'title' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 50196 - Disclosed: 2008-07-30

Description:

Pligg contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'username' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.